SolarWindsIOCs.csv
Indicator_type,Data,IP Address,Note
Description,IOCs from SolarWinds attack,NA,NA
file_path_name,C:\windows\syswow64\netsetupsvc.dll,NA,TEARDROP memory module used to drop Cobalt Strike Beacon.
domain,avsvmcloud.com,NA,malware/callhome
domain,digitalcollege.org,NA,malware/callhome
domain,freescanonline.com,NA,malware/repository
domain,deftsecurity.com,NA,malware/callhome
domain,thedoccloud.com,NA,malware/callhome
domain,websitetheme.com,NA,malware/repository
domain,highdatabase.com,NA,malware/repository
domain,incomeupdate.com,NA,malware/callhome
domain,databasegalore.com,NA,malware/callhome
domain,panhardware.com,NA,malware/callhome
domain,zupertech.com,NA,malware/callhome
domain,seobundlekit.com,NA,malware/callhome
domain,lcomputers.com,NA,malware/callhome
domain,virtualdataserver.com,NA,malware/repository
domain,webcodez.com,NA,malware/callhome
domain,infinitysoftwares.com,NA,malware/callhome
domain,ervsystem.com,NA,malware/callhome
ip,IP address,13.59.205.66,C2 malware/repository
ip,IP address,54.193.127.66,C2 malware/repository
ip,IP address,54.215.192.52,C2 malware/repository
ip,IP address,34.203.203.23,C2 malware/callhome
ip,IP address,139.99.115.204,C2 malware/callhome
ip,IP address,5.252.177.25,C2 malware/callhome
ip,IP address,5.252.177.21,C2 malware/callhome
ip,IP address,204.188.205.176,C2 malware/callhome
ip,IP address,51.89.125.18,C2 malware/callhome
ip,IP address,167.114.213.199,C2 malware/callhome
sha256,d0d626deb3f9484e649294a8dfa814c5568f846d5aa02d4cdad5d041a29d5600,NA,Troj/SunBurst-A(Installer|CORE-2019.4.5220.20574-SolarWinds-Core-v2019.4.5220-Hotfix5.msp)
sha256,53f8dfc65169ccda021b72a62e0c22a4db7c4077f002fa742717d41b3c40f2c7,NA,Mal/Generic-S(Solarwinds Worldwide LLC)
sha256,ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6,NA,Mal/Sunburst-A(SolarWinds.Orion.Core.BusinessLayer.dll)
sha256,32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77,NA,Mal/Sunburst-A(SolarWinds.Orion.Core.BusinessLayer.dll)
sha256,292327e5c94afa352cc5a02ca273df543f2020d0e76368ff96c84f4e90778712,NA,Mal/Generic-S(OrionImprovementBusinessLayer.2.cs)
sha256,c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71,NA,Mal/Sunburst-B(app_web_logoimagehandler.ashx.b6031896.dll).SuperNova webshell backdoor
sha256,019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134,NA,Mal/Sunburst-A(SolarWinds.Orion.Core.BusinessLayer.dll)
sha256,abe22cf0d78836c3ea072daeaf4c5eeaf9c29b6feb597741651979fc8fbd2417,NA,Mal/Sunburst-A(SolarWinds.Orion.Core.BusinessLayer.dll)
sha256,2ade1ac8911ad6a23498230a5e119516db47f6e76687f804e2512cc9bcfda2b0,NA,Mal/Sunburst-A(SolarWinds.Orion.Core.BusinessLayer.dll)
sha256,db9e63337dacf0c0f1baa06145fd5f1007002c63124f99180f520ac11d551420,NA,Mal/Sunburst-A(SolarWinds.Orion.Core.BusinessLayer.dll)
sha256,0f5d7e6dfdd62c83eb096ba193b5ae394001bac036745495674156ead6557589,NA,Mal/Sunburst-A(SolarWinds.Orion.Core.BusinessLayer.dll)
sha256,b820e8a2057112d0ed73bd7995201dbed79a79e13c79d4bdad81a22f12387e07,NA,Teardrop
sha256,1817a5bf9c01035bcf8a975c9f1d94b0ce7f6a200339485d8f93859f8f6d730c,NA,Teardrop
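Added example, not part of this repository: the Python below loads a subset of the rows above (embedded so it runs offline), pads the short second row that strict CSV viewers reject instead of dropping the feed, reads the address from the third column for `ip` rows (where the Data column only says "IP address"), lower-cases hashes, domains and paths, and matches the indicators against constructed DNS, connection and file events. Domains are matched by parent-domain suffix, since the SUNBURST beacon resolved generated subdomains of avsvmcloud.com and an exact match on the listed domain would miss the real queries. The event records, the DGA-style label and the `kind`/`qname`/`dst_ip`/`sha256`/`path` field names are constructed for this example.

```python
"""Load the SolarWinds IOC CSV above and match it against sample events.

Added example; not code from the original repository. IOC_CSV is a subset of
the page's rows, embedded so the script runs offline. EVENTS are constructed.
"""
import csv
import io
from collections import defaultdict

# Subset of the page's CSV. Row 2 has only three columns although the header
# declares four; load_iocs() pads it rather than failing the whole feed.
IOC_CSV = """\
Indicator_type,Data,IP Address,Note
Description,IOCs from SolarWinds attack,
file_path_name,C:\\windows\\syswow64\\netsetupsvc.dll,NA,TEARDROP memory module used to drop Cobalt Strike Beacon.
domain,avsvmcloud.com,NA,malware/callhome
domain,freescanonline.com,NA,malware/repository
ip,IP address,13.59.205.66,C2 malware/repository
ip,IP address,5.252.177.25,C2 malware/callhome
sha256,32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77,NA,Mal/Sunburst-A(SolarWinds.Orion.Core.BusinessLayer.dll)
sha256,b820e8a2057112d0ed73bd7995201dbed79a79e13c79d4bdad81a22f12387e07,NA,Teardrop
"""

# Constructed sample telemetry (not real logs). The DGA-style label in the
# first qname is made up; the appsync-api.<region>.avsvmcloud.com shape is
# the documented SUNBURST callback pattern.
EVENTS = [
    {"kind": "dns", "qname": "k5kcubuassl3alrf7gm3.appsync-api.eu-west-1.avsvmcloud.com"},
    {"kind": "dns", "qname": "www.freescanonline.com.example.net"},  # infix, not suffix: no hit
    {"kind": "dns", "qname": "login.microsoftonline.com"},
    {"kind": "conn", "dst_ip": "5.252.177.25"},
    {"kind": "conn", "dst_ip": "13.59.205.67"},  # neighbour of a listed address: no hit
    {"kind": "file", "path": r"C:\Windows\SysWOW64\netsetupsvc.dll", "sha256": "ab" * 32},
    {"kind": "file",
     "path": r"C:\Program Files\SolarWinds\Orion\SolarWinds.Orion.Core.BusinessLayer.dll",
     "sha256": "32519B85C0B422E4656DE6E6C41878E95FD95026267DAAB4215EE59C107D6C77"},
]


def load_iocs(text):
    """Return {indicator_type: {normalized_value: note}} from the CSV text.

    Rows shorter than the header are padded with empty strings. For 'ip' rows
    the value lives in the third column; for every other type it is 'Data'.
    Values are lower-cased so hash, domain and Windows-path comparisons are
    case-insensitive.
    """
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    iocs = defaultdict(dict)
    for row in reader:
        if not row:
            continue
        row = row + [""] * (len(header) - len(row))
        kind, data, ip, note = row[:4]
        if kind == "Description":
            continue
        value = ip if kind == "ip" else data
        iocs[kind][value.lower()] = note
    return iocs


def domain_hit(name, domains):
    """Return the IOC domain that the queried name equals or is a subdomain of.

    Walks label boundaries from the left, so 'x.avsvmcloud.com' matches the
    'avsvmcloud.com' indicator but 'freescanonline.com.example.net' does not.
    The bare TLD is never tried.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan(events, iocs):
    """Return (event_index, indicator_type, matched_value, note) for each hit."""
    hits = []
    for i, ev in enumerate(events):
        if ev["kind"] == "dns":
            d = domain_hit(ev["qname"], iocs["domain"])
            if d:
                hits.append((i, "domain", d, iocs["domain"][d]))
        elif ev["kind"] == "conn":
            ip = ev["dst_ip"]
            if ip in iocs["ip"]:
                hits.append((i, "ip", ip, iocs["ip"][ip]))
        elif ev["kind"] == "file":
            h = ev["sha256"].lower()
            if h in iocs["sha256"]:
                hits.append((i, "sha256", h, iocs["sha256"][h]))
            p = ev["path"].lower()
            if p in iocs["file_path_name"]:
                hits.append((i, "file_path_name", p, iocs["file_path_name"][p]))
    return hits


if __name__ == "__main__":
    for hit in scan(EVENTS, load_iocs(IOC_CSV)):
        print(hit)
```

To run this against the full file, replace `IOC_CSV` with `open("SolarWindsIOCs.csv").read()`; the padding in `load_iocs()` is what lets the unmodified file load despite the short second row.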